Don’t like identity confirmation? Here’s one way to disable it. [Not a Best Practice]

Just for the record, I am not recommending this as a solution. This decreases the security of your Salesforce org, and is generally against best practices. If you donâ€™t fully understand the implications I would definitely not recommend this solution. That said, I saw a client that did exactly this and thought I would share:

Turn off identity confirmation entirely: trust all IP addresses. This way the connecting IP address is always trusted, and therefore identity confirmation is always bypassed. Likewise, you will never need a security token for any connection.

This also means that if someone gets a Salesforce username/password combo from any user with API access, they can login and extract your entire database without a security token or email address verification from anywhere in the world. Use with caution!